From: Hangbin Liu <liuhangbin@gmail.com>
To: Cong Wang <xiyou.wangcong@gmail.com>
Cc: David Ahern <dsahern@gmail.com>,
Roopa Prabhu <roopa@cumulusnetworks.com>,
network dev <netdev@vger.kernel.org>
Subject: Re: [PATCH net] ipv6: no need to return rt->dst.error if it is not null entry.
Date: Fri, 28 Jul 2017 19:04:42 +0800 [thread overview]
Message-ID: <20170728110442.GF5465@leo.usersys.redhat.com> (raw)
In-Reply-To: <CAM_iQpU5EZr1rtgY8sCBjD=utzmi9c6MQ2xb36iXLk++qSk3WA@mail.gmail.com>
On Thu, Jul 27, 2017 at 09:56:08PM -0700, Cong Wang wrote:
> On Wed, Jul 26, 2017 at 11:49 AM, David Ahern <dsahern@gmail.com> wrote:
> > On 7/26/17 12:27 PM, Roopa Prabhu wrote:
> >> agreed...so looks like the check in v3 should be
> >>
> >>
> >> + if ( rt == net->ipv6.ip6_null_entry ||
> >> + (rt->dst.error &&
> >> + #ifdef CONFIG_IPV6_MULTIPLE_TABLES
> >> + rt != net->ipv6.ip6_prohibit_entry &&
> >> + rt != net->ipv6.ip6_blk_hole_entry &&
> >> +#endif
> >> + )) {
> >> err = rt->dst.error;
> >> ip6_rt_put(rt);
> >> goto errout;
> >>
> >
> > I don't think so. If I add a prohibit route and use the fibmatch
> > attribute, I want to see the route from the FIB that was matched.
>
> But net->ipv6.ip6_prohibit_entry is not the prohibit route you can
> add in user-space, it is only used by rule actions. So do you really
> want to dump it?? My gut feeling is no, but I am definitely not sure.
>
> When you add a prohibit route, a new rt is allocated dynamically,
> net->ipv6.ip6_prohibit_entry is relatively static, internal and is the
> only one per netns. (Same for net->ipv6.ip6_blk_hole_entry)
>
> I think Hangbin's example doesn't have ip rules, so this case
> is not shown up.
I mixed the rule entry and route entry these days. And with your help I can
separate them now.
When first time I find the rt->dst.error return directly issue, I was testing
ip rule actually.
e.g.
+ ip netns exec client ip -6 rule add to 2003::1/64 table 100 unreachable
+ ip netns exec server ip -6 rule add to 2001::1/64 table 100 prohibit
+ ip netns exec client ip -6 route get 2003::1
RTNETLINK answers: Network is unreachable
+ ip netns exec client ip -6 route get 2001::1
RTNETLINK answers: Permission denied
After check I thought we returned net->ipv6.ip6_null_entry /
net->ipv6.ip6_blk_hole_entry in function fib6_rule_action().
That's the reason I want to delete both rt->dst.error and
net->ipv6.ip6_null_entry check in patch v2 and v3.
Then with David's comments I realise we also need to take care about ip route
entrys.
my last mail's comment:
> Thanks for your explains. Now I know where I made the mistake. I mis-looked
> FR_ACT_UNREACHABLE to RTN_UNREACHABLE and thought we return rt =
> net->ipv6.ip6_null_entry in fib6_rule_action().
But then I fall in to the code logic and get lost... And thought
FR_ACT_UNREACHABLE and RTN_UNREACHABLE are not same. Today I re-check the
code and realise RTN_UNREACHABLE is defined in user space and FR_ACT_UNREACHABLE
is in kernel. Actually they are the same.
So after PATCH v4, we fixed the route side. And part of ip rule(prohibit and
blk hole). I will think over of this.
Thanks
Hangbin
next prev parent reply other threads:[~2017-07-28 11:04 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-20 14:51 [PATCH net] ipv6: no need to return rt->dst.error if it is not null entry Hangbin Liu
2017-07-20 15:06 ` Hangbin Liu
2017-07-20 15:23 ` Hangbin Liu
2017-07-21 15:53 ` David Ahern
2017-07-21 18:42 ` Cong Wang
2017-07-21 21:53 ` Roopa Prabhu
2017-07-23 4:54 ` Roopa Prabhu
2017-07-24 3:09 ` Hangbin Liu
2017-07-24 19:57 ` Cong Wang
2017-07-25 0:08 ` Hangbin Liu
2017-07-25 3:28 ` David Ahern
2017-07-25 7:32 ` Hangbin Liu
2017-07-26 17:18 ` David Ahern
2017-07-26 18:27 ` Roopa Prabhu
2017-07-26 18:49 ` David Ahern
2017-07-26 18:55 ` Roopa Prabhu
2017-07-26 19:00 ` David Ahern
2017-07-26 19:38 ` Roopa Prabhu
2017-07-27 16:08 ` Hangbin Liu
2017-07-28 4:56 ` Cong Wang
2017-07-28 11:04 ` Hangbin Liu [this message]
2017-07-28 15:10 ` David Ahern
2017-07-28 17:13 ` Roopa Prabhu
2017-07-28 17:39 ` David Ahern
2017-07-28 19:52 ` Roopa Prabhu
2017-07-29 14:41 ` David Ahern
2017-07-31 18:37 ` Cong Wang
2017-07-31 18:40 ` David Ahern
2017-07-25 17:49 ` Cong Wang
2017-07-26 9:18 ` Hangbin Liu
2017-07-21 3:47 ` [PATCHv2 net] ipv6: should not return rt->dst.error if it is prohibit or blk hole entry Hangbin Liu
2017-07-21 15:29 ` kbuild test robot
2017-07-21 16:34 ` kbuild test robot
2017-07-23 4:55 ` [PATCH net] ipv6: no need to return rt->dst.error if it is not null entry Roopa Prabhu
2017-07-24 2:28 ` Hangbin Liu
2017-07-26 9:20 ` [PATCHv3 net] ipv6: no need to return rt->dst.error if it is prohibit entry Hangbin Liu
2017-07-26 17:09 ` David Ahern
2017-07-26 18:48 ` David Ahern
2017-07-27 13:48 ` Hangbin Liu
2017-07-27 16:25 ` [PATCHv4 net] ipv6: no need to check rt->dst.error when get route info Hangbin Liu
2017-07-27 18:03 ` David Ahern
2017-07-28 17:23 ` David Ahern
2017-07-27 19:52 ` Roopa Prabhu
2017-07-31 23:22 ` David Miller
2017-07-31 23:34 ` David Ahern
2017-07-31 23:39 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170728110442.GF5465@leo.usersys.redhat.com \
--to=liuhangbin@gmail.com \
--cc=dsahern@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=roopa@cumulusnetworks.com \
--cc=xiyou.wangcong@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).